Microsoft Edge Will Soon Warn Users When Passwords Are Leaked With the New Password Monitor

Microsoft Edge Password Monitor

Last year, Microsoft overhauled its Edge browser and based it on Chromium – the same open-source platform that powers Google Chrome as well as a few other popular browsers. This not only improved the browser's performance, but it also made it compatible with quite a few popular software products. Predictably, people reacted positively to the change, and in April, it was announced that Microsoft Edge had overtaken Firefox and had become the second most popular browser in the world.

Microsoft keeps adding new features

Given that Edge was launched less than five years ago, getting to second place is quite an achievement, though seeing it move further up is unlikely for the foreseeable future. Close to 70% of all users prefer Google Chrome, and convincing them to switch to Internet Explorer's successor is going to be a tall order. This, of course, won't stop Microsoft from adding new features that could change at least some people's minds.

If you are using the Edge's Canary and Dev versions, for example, you can now test drive a new functionality that can tell you if you need to change your password. The new feature periodically checks the passwords you've saved with Microsoft Edge against a vast database of login credentials leaked during various data breaches, and if it finds out that one of your passwords may have been affected by a breach, it will notify you immediately.

The new feature is called Password Monitor, and Microsoft first announced its plans to introduce it back in March. Unfortunately, it has only now come around to adding it to the insider versions, and it's still not clear when it will be available in a stable release.

Why is the Password Monitor so important?

Microsoft isn't exactly at the bleeding edge with this feature. Troy Hunt's HaveIBeenPwned service has offered a way of checking your passwords against a massive database of leaked credentials for years, and Google Chrome and Mozilla Firefox introduced similar functionality a while ago. Microsoft is keeping up with a very important trend that aims to reduce the impact of credential stuffing attacks that have been gaining popularity over the last few years.

The readily available troves of leaked login data coupled with the fact that people reuse their passwords far too often make credential stuffing the easiest way of compromising a large number of accounts in a short period of time. Browser vendors think that notifying users about their leaked data is a way to minimize the chance of this happening, and it must be said that it could work. After all, even the National Institute of Standards and Technology (NIST) advises that a password should be changed only if it's known to be compromised.

It should also be noted, however, that using unique, strong passwords for every account would be a much more effective way of fighting credential stuffing. That, unfortunately, is up to the users, and not the browser vendors.

June 29, 2020

Leave a Reply